aientrophy-nightwatch 0.2.0

Real-time file monitoring agent with YARA scanning and AI-powered malware analysis

Aientrophy Nightwatch

Real-time file monitoring agent with YARA scanning and AI-powered malware analysis.

Features

• Real-time file monitoring — watchdog-based filesystem watcher with event deduplication
• Multi-layer scanning pipeline — Hash DB → Extension mismatch → YARA rules → Cloud AI
• YARA rule engine — Compiled rule matching with auto-update from cloud
• Extension disguise detection — Detects executables/scripts masquerading as images/documents
• Quarantine management — Automatic isolation with metadata tracking and restore capability
• Cloud AI analysis — Escalates suspicious files to Claude API for deep inspection
• Lightweight agent — ~50MB RAM footprint, all heavy analysis offloaded to cloud

Quick Start

# Install
pip install aientrophy-nightwatch

# Scan a single file
nightwatch scan /path/to/suspicious/file

# Start monitoring daemon
nightwatch start --config /etc/aientrophy/agent.yml

# Check status
nightwatch status

One-line Server Install

curl -sL https://install.aientrophy.com/agent | sudo bash -s -- --key YOUR_API_KEY

Configuration

watch:
  paths:
    - /var/www
    - /tmp
  recursive: true

scan:
  yara_rules_dir: /var/lib/aientrophy/yara-rules
  hash_db_path: /var/lib/aientrophy/hash-db/malware_hashes.txt

action:
  on_detect: quarantine  # quarantine | alert | block

cloud:
  server: https://malware.aientrophy.com

Requirements

• Python 3.10+
• Linux (recommended) or Windows

Links

• Homepage: https://aientrophy.com
• Documentation: https://docs.aientrophy.com/nightwatch